How vulnerable is your site to third-party failure?

Third-party scripts are the single most common point of failure for sites: just a single line of JavaScript can take down your entire site. Despite this, measuring the impact of third-party content on a site’s usability is often an afterthought — if it even gets thought about at all.

After running my tests, I revisited some research we did here at Strangeloop into third-party scripts and how they’re used by 200 top ecommerce sites. Some very interesting stuff came up, which I’ll get into later in this post.

Methodology

I wanted to see how vulnerable the top five ecommerce sites (according to Internet Retailer) are to third-party SPOF. I did the exact test that Patrick did, but decided to blackhole all third-party domains except the CDN domain (i.e. if a site was using Akamai or Level 3 for small objects, I did not blackhole that domain).

I generated a series of side-by-side videos for each site, so you can get a vivid sense of the impact of third-party failure on page load. I’ve also included the waterfalls so you can see what the major culprits are. (You can see the scripts I used by clicking on the waterfall for each test and clicking “strip”.)

Office Depot

The issue here seems to be one that Steve described in this 2010 blog post about SPOF. In this case the file is an external JavaScript file very near the top of the page, which is why the effect is so bad. The page is white until it times out trying to connect to the broken domain.

The same behaviour happens when testing this page with HTTPWatch in IE9, Firefox 7, and Chrome 16.

How are top ecommerce sites using third-party scripts?

A few months ago, I wanted a to get a sense of how ecommerce sites were implementing third-party scripts. We did an audit of the top 200 Internet Retailer sites to see who is using what. Here’s some of what we found.

Average number of third-party scripts

Average # of 3rd-party scripts

Top 200 sites

6.7

Top 20 sites

3.5

6.7 actually isn’t that bad, but some sites use many more than that…

Top sites, in terms of the number of third-party scripts used

Site

# of 3rd-party scripts

Coastal Contacts

25

Express LLC

23

American Greetings

22

Urban Outfitters

21

The Sports Authority

20

Coldwater Creek

19

American Girl

19

RealNetworks/GameHouse

18

Chico’s FAS

18

Signature Styles/Spiegel

17

Boden USA

17

When you look at the sheer volume of widgets and third-party tools out there, the numbers above are not too surprising. This next table represents just the tip of the iceberg…

Most-used third-party scripts

3rd-party script provider

Appearance in top 200 sites

Omniture

98

Google Analytics

97

DoubleClick Floodlight

49

DoubleClick

45

Google AdWords Conversion

45

Coremetrics

44

Right Media

40

Foresee

36

Microsoft Atlas

33

LeadBack

32

DoubleClick Spotlight

29

Turn

29

Facebook

27

Acerno

26

Rubicon

25

Channel Intelligence

24

Dotomi

22

Interclick

22

Traffic Marketplace

22

Adconion

19

Channel Advisor

19

Resonance

19

Many people would guess Facebook because of its visibility, but this is a good reminder that “invisible” scripts are actually much more widely used than obvious content like social buttons.

Conclusions

Omniture doesn’t come off well, obviously. In 2 out of 5 of the sites I tested up top, it was clear that if Omniture goes down, the site goes down. And as our survey shows, almost half of the top 200 sites use Omniture.

But I don’t want to over-focus on Omniture. The key issue here is that site owners are implementing more and more third-party scripts, possibly improperly, and with little to no analysis of how these scripts affect their sites. It doesn’t matter how well you optimize the rest of your site if a single line of external JavaScript can take out the whole thing.

Takeaways

The odds that all your third-party scripts are going to fail simultaneously? Pretty close to nil. The odds that some of them going to fail sometimes? Pretty much guaranteed. You need to ask yourself these questions:

What do you know about the third-party scripts on your site? Do you know how many scripts your site contains. Do you know who all of your providers are?

Is your third-party content optimized? You can’t optimize the script itself, obviously, but you can make sure that it’s implemented well in your pages. (Here are some good tips and how-tos.)

Are all those scripts adding value? And is that value significant enough to outweigh any performance losses? (See my blog post and accompanying webinar to figure out how to calculate this.)

What are your SLAs with your third-party providers? Do you even have SLAs with your third-party providers? (Not to turn this into a product shill, but third-party SLAs are a feature in our new Mobile Site Optimizer. If you want to learn how this feature works, read more here.)